The TapToPay Key Management System (KMS) executes system security design by conditioning electronic purses (E-Purse) and Security Access Modules (SAM) such that any subsystem interacting with the E-Purse must require a SAM to enforce secured implementation of the application program. The SAM is specially designed security application residing inside a CPU smart card, which enhances and complements security of off-the-shelf E-Purse smart cards.

All security-sensitive decisions can only be made inside the security module to prevent application programmers being able to access to cryptographic keys or modify any processes made in module. Security modules are autonomous intelligent smart cards using cryptographic keys as the basis for security. Cryptographic keys are isolated and decoupled from the application program and programmers though the KMS.